From 1cfbf95393decf047900e1b66b076a030704db20 Mon Sep 17 00:00:00 2001 From: Koen Vandeputte Date: Wed, 27 Feb 2019 17:07:48 +0100 Subject: kernel: bump 4.14 to 4.14.104 Refreshed all patches. Altered patches: - 332-arc-add-OWRTDTB-section.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte --- ...ore-only-allow-one-nat-hook-per-hook-poin.patch | 2 +- ...f_tables-remove-multihook-chains-and-fami.patch | 36 +++--- ...ove-checksum-indirection-to-struct-nf_ipv.patch | 2 +- ...ove-checksum_partial-indirection-to-struc.patch | 2 +- ...emove-saveroute-indirection-in-struct-nf_.patch | 4 +- ...ove-route-indirection-to-struct-nf_ipv6_o.patch | 2 +- ...ove-reroute-indirection-to-struct-nf_ipv6.patch | 6 +- ...emove-route_key_size-field-in-struct-nf_a.patch | 2 +- ...emove-struct-nf_afinfo-and-its-helper-fun.patch | 4 +- ...f_tables-remove-hooks-from-family-definit.patch | 6 +- ...nf_tables-add-flow-table-netlink-frontend.patch | 32 ++--- ...f_tables-remove-nhooks-field-from-struct-.patch | 4 +- ...f_tables-fix-a-typo-in-nf_tables_getflowt.patch | 2 +- ...f_tables-remove-flag-field-from-struct-nf.patch | 2 +- ...f_tables-no-need-for-struct-nft_af_info-t.patch | 12 +- ...f_tables-remove-struct-nft_af_info-parame.patch | 6 +- ...f_tables-fix-potential-NULL-ptr-deref-in-.patch | 2 +- ...f_tables-add-single-table-list-for-all-fa.patch | 144 ++++++++++----------- ...15-netfilter-exit_net-cleanup-check-added.patch | 4 +- ...lter-nf_tables-get-rid-of-pernet-families.patch | 10 +- ...f_tables-get-rid-of-struct-nft_af_info-ab.patch | 128 +++++++++--------- ...ft_flow_offload-wait-for-garbage-collecto.patch | 2 +- ...16-netfilter-nf_tables-fix-flowtable-free.patch | 2 +- ...f_tables-allocate-handle-and-delete-objec.patch | 48 +++---- ...f_flow_table-move-init-code-to-nf_flow_ta.patch | 4 +- ...f_flow_table-fix-priv-pointer-for-netdev-.patch | 2 +- ...f_flow_table-track-flow-tables-in-nf_flow.patch | 2 +- .../pending-4.14/332-arc-add-OWRTDTB-section.patch | 28 ++-- ...f_flow_table-add-hardware-offload-support.patch | 6 +- 29 files changed, 253 insertions(+), 253 deletions(-) (limited to 'target/linux/generic') diff --git a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch index 05888a070e..cd54aa0114 100644 --- a/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch +++ b/target/linux/generic/backport-4.14/301-v4.16-netfilter-core-only-allow-one-nat-hook-per-hook-poin.patch @@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso new->hooks[nhooks] = old->hooks[i]; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1431,6 +1431,8 @@ static int nf_tables_addchain(struct nft +@@ -1434,6 +1434,8 @@ static int nf_tables_addchain(struct nft ops->hook = hookfn; if (afi->hook_ops_init) afi->hook_ops_init(ops, i); diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 4c00ea8456..bff41db838 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) -@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str +@@ -627,8 +624,7 @@ static void _nf_tables_table_disable(str if (cnt && i++ == cnt) break; @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct +@@ -645,8 +641,7 @@ static int nf_tables_table_enable(struct if (!nft_is_base_chain(chain)) continue; @@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) goto err; -@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str +@@ -1058,7 +1053,7 @@ static int nf_tables_fill_chain_info(str if (nft_is_base_chain(chain)) { const struct nft_base_chain *basechain = nft_base_chain(chain); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso struct nlattr *nest; nest = nla_nest_start(skb, NFTA_CHAIN_HOOK); -@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru +@@ -1286,8 +1281,8 @@ static void nf_tables_chain_destroy(stru free_percpu(basechain->stats); if (basechain->stats) static_branch_dec(&nft_counters_enabled); @@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso kfree(chain->name); kfree(basechain); } else { -@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft +@@ -1383,7 +1378,6 @@ static int nf_tables_addchain(struct nft struct nft_stats __percpu *stats; struct net *net = ctx->net; struct nft_chain *chain; @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso int err; if (table->use == UINT_MAX) -@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft +@@ -1422,21 +1416,18 @@ static int nf_tables_addchain(struct nft basechain->type = hook.type; chain = &basechain->chain; @@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso chain->flags |= NFT_BASE_CHAIN; basechain->policy = policy; -@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft +@@ -1454,7 +1445,7 @@ static int nf_tables_addchain(struct nft goto err1; } @@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) goto err1; -@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft +@@ -1468,7 +1459,7 @@ static int nf_tables_addchain(struct nft return 0; err2: @@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso err1: nf_tables_chain_destroy(chain); -@@ -1478,13 +1469,12 @@ static int nf_tables_updchain(struct nft +@@ -1481,13 +1472,12 @@ static int nf_tables_updchain(struct nft const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; struct nft_chain *chain = ctx->chain; @@ -243,7 +243,7 @@ Signed-off-by: Pablo Neira Ayuso if (nla[NFTA_CHAIN_HOOK]) { if (!nft_is_base_chain(chain)) -@@ -1501,14 +1491,12 @@ static int nf_tables_updchain(struct nft +@@ -1504,14 +1494,12 @@ static int nf_tables_updchain(struct nft return -EBUSY; } @@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso } nft_chain_release_hook(&hook); } -@@ -5129,10 +5117,9 @@ static int nf_tables_commit(struct net * +@@ -5134,10 +5122,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5269,10 +5256,9 @@ static int nf_tables_abort(struct net *n +@@ -5274,10 +5261,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso } break; case NFT_MSG_DELCHAIN: -@@ -5375,7 +5361,7 @@ int nft_chain_validate_hooks(const struc +@@ -5380,7 +5366,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; return -EOPNOTSUPP; -@@ -5857,8 +5843,7 @@ int __nft_release_basechain(struct nft_c +@@ -5862,8 +5848,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5887,8 +5872,7 @@ static void __nft_release_afinfo(struct +@@ -5892,8 +5877,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) @@ -361,7 +361,7 @@ Signed-off-by: Pablo Neira Ayuso par->hook_mask = 1 << ops->hooknum; } else { -@@ -317,7 +317,7 @@ static int nft_target_validate(const str +@@ -318,7 +318,7 @@ static int nft_target_validate(const str if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -370,7 +370,7 @@ Signed-off-by: Pablo Neira Ayuso hook_mask = 1 << ops->hooknum; if (target->hooks && !(hook_mask & target->hooks)) -@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -415,7 +415,7 @@ nft_match_set_mtchk_param(struct xt_mtch if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -379,7 +379,7 @@ Signed-off-by: Pablo Neira Ayuso par->hook_mask = 1 << ops->hooknum; } else { -@@ -565,7 +565,7 @@ static int nft_match_validate(const stru +@@ -566,7 +566,7 @@ static int nft_match_validate(const stru if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); diff --git a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch index a73256a2c9..07202fe591 100644 --- a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch +++ b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch @@ -116,7 +116,7 @@ Signed-off-by: Pablo Neira Ayuso .saveroute = nf_ip_saveroute, --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -194,12 +194,12 @@ static __sum16 nf_ip6_checksum_partial(s +@@ -196,12 +196,12 @@ static __sum16 nf_ip6_checksum_partial(s static const struct nf_ipv6_ops ipv6ops = { .chk_addr = ipv6_chk_addr, .route_input = ip6_route_input, diff --git a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch index 6ef0928257..39f5564404 100644 --- a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch +++ b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso .reroute = nf_ip_reroute, --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -192,15 +192,15 @@ static __sum16 nf_ip6_checksum_partial(s +@@ -194,15 +194,15 @@ static __sum16 nf_ip6_checksum_partial(s }; static const struct nf_ipv6_ops ipv6ops = { diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index 2b44066f1a..b02ad8a0d7 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -125,7 +125,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -70,31 +70,6 @@ int ip6_route_me_harder(struct net *net, +@@ -72,31 +72,6 @@ int ip6_route_me_harder(struct net *net, } EXPORT_SYMBOL(ip6_route_me_harder); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, const struct nf_queue_entry *entry) { -@@ -202,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops +@@ -204,7 +179,6 @@ static const struct nf_ipv6_ops ipv6ops static const struct nf_afinfo nf_ip6_afinfo = { .family = AF_INET6, .route = nf_ip6_route, diff --git a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch index eb3e29349a..a594f87cd9 100644 --- a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch +++ b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch @@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops +@@ -174,11 +174,11 @@ static const struct nf_ipv6_ops ipv6ops .fragment = ip6_fragment, .checksum = nf_ip6_checksum, .checksum_partial = nf_ip6_checksum_partial, diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch index d45c4ef85b..6e9413e511 100644 --- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -70,7 +70,7 @@ int ip6_route_me_harder(struct net *net, +@@ -72,7 +72,7 @@ int ip6_route_me_harder(struct net *net, } EXPORT_SYMBOL(ip6_route_me_harder); @@ -147,7 +147,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nf_queue_entry *entry) { struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); -@@ -80,7 +80,7 @@ static int nf_ip6_reroute(struct net *ne +@@ -82,7 +82,7 @@ static int nf_ip6_reroute(struct net *ne if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) || skb->mark != rt_info->mark) @@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso } return 0; } -@@ -173,11 +173,11 @@ static const struct nf_ipv6_ops ipv6ops +@@ -175,11 +175,11 @@ static const struct nf_ipv6_ops ipv6ops .checksum = nf_ip6_checksum, .checksum_partial = nf_ip6_checksum_partial, .route = nf_ip6_route, diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index 270379346a..b4a13dd539 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso static int __init ipv4_netfilter_init(void) --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -178,7 +178,6 @@ static const struct nf_ipv6_ops ipv6ops +@@ -180,7 +180,6 @@ static const struct nf_ipv6_ops ipv6ops static const struct nf_afinfo nf_ip6_afinfo = { .family = AF_INET6, diff --git a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch index 381b99721a..be3f7336bd 100644 --- a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch +++ b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch @@ -102,7 +102,7 @@ Signed-off-by: Pablo Neira Ayuso -subsys_initcall(ipv4_netfilter_init); --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -176,14 +176,10 @@ static const struct nf_ipv6_ops ipv6ops +@@ -178,14 +178,10 @@ static const struct nf_ipv6_ops ipv6ops .reroute = nf_ip6_reroute, }; @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso } /* This can be called from inet6_init() on errors, so it cannot -@@ -192,5 +188,4 @@ int __init ipv6_netfilter_init(void) +@@ -194,5 +190,4 @@ int __init ipv6_netfilter_init(void) void ipv6_netfilter_fini(void) { RCU_INIT_POINTER(nf_ipv6_ops, NULL); diff --git a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch index 3ee8ad9d33..f4c3a48ead 100644 --- a/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch +++ b/target/linux/generic/backport-4.14/312-v4.16-netfilter-nf_tables-remove-hooks-from-family-definit.patch @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso static int __init nf_tables_ipv6_init(void) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1383,7 +1383,6 @@ static int nf_tables_addchain(struct nft +@@ -1386,7 +1386,6 @@ static int nf_tables_addchain(struct nft if (nla[NFTA_CHAIN_HOOK]) { struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso err = nft_chain_parse_hook(net, nla, afi, &hook, create); if (err < 0) -@@ -1409,7 +1408,6 @@ static int nf_tables_addchain(struct nft +@@ -1412,7 +1411,6 @@ static int nf_tables_addchain(struct nft static_branch_inc(&nft_counters_enabled); } @@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso basechain->type = hook.type; chain = &basechain->chain; -@@ -1418,10 +1416,8 @@ static int nf_tables_addchain(struct nft +@@ -1421,10 +1419,8 @@ static int nf_tables_addchain(struct nft ops->hooknum = hook.num; ops->priority = hook.priority; ops->priv = chain; diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index f573d53b26..bce3914eff 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso /** * nft_register_afinfo - register nf_tables address family info -@@ -374,6 +376,40 @@ static int nft_delobj(struct nft_ctx *ct +@@ -377,6 +379,40 @@ static int nft_delobj(struct nft_ctx *ct return err; } @@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso /* * Tables */ -@@ -757,6 +793,7 @@ static int nf_tables_newtable(struct net +@@ -760,6 +796,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso table->flags = flags; nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -@@ -778,10 +815,11 @@ err1: +@@ -781,10 +818,11 @@ err1: static int nft_flush_table(struct nft_ctx *ctx) { @@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &ctx->table->chains, list) { if (!nft_is_active_next(ctx->net, chain)) -@@ -807,6 +845,12 @@ static int nft_flush_table(struct nft_ct +@@ -810,6 +848,12 @@ static int nft_flush_table(struct nft_ct goto out; } @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4829,6 +4873,605 @@ static void nf_tables_obj_notify(const s +@@ -4834,6 +4878,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4859,6 +5502,49 @@ nla_put_failure: +@@ -4864,6 +5507,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -5011,6 +5697,21 @@ static const struct nfnl_callback nf_tab +@@ -5016,6 +5702,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5059,6 +5760,9 @@ static void nf_tables_commit_release(str +@@ -5064,6 +5765,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5178,6 +5882,21 @@ static int nf_tables_commit(struct net * +@@ -5183,6 +5887,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5215,6 +5934,9 @@ static void nf_tables_abort_release(stru +@@ -5220,6 +5939,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5306,6 +6028,17 @@ static int nf_tables_abort(struct net *n +@@ -5311,6 +6033,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5856,6 +6589,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5861,6 +6594,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5869,6 +6603,9 @@ static void __nft_release_afinfo(struct +@@ -5874,6 +6608,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5879,6 +6616,11 @@ static void __nft_release_afinfo(struct +@@ -5884,6 +6621,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5922,6 +6664,8 @@ static int __init nf_tables_module_init( +@@ -5927,6 +6669,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso pr_info("nf_tables: (c) 2007-2009 Patrick McHardy \n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5936,6 +6680,7 @@ static void __exit nf_tables_module_exit +@@ -5941,6 +6685,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index af81224883..66ebe69bb4 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1359,9 +1359,6 @@ static int nft_chain_parse_hook(struct n +@@ -1362,9 +1362,6 @@ static int nft_chain_parse_hook(struct n return -EINVAL; hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -4981,7 +4978,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4986,7 +4983,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 4ea9cf6c89..493ed1d27d 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5405,7 +5405,7 @@ static int nf_tables_getflowtable(struct +@@ -5410,7 +5410,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch index c599ad79c2..f15ecd201e 100644 --- a/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch +++ b/target/linux/generic/backport-4.14/330-v4.16-netfilter-nf_tables-remove-flag-field-from-struct-nf.patch @@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso int nft_register_afinfo(struct net *, struct nft_af_info *); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -1376,7 +1376,7 @@ static int nft_chain_parse_hook(struct n +@@ -1379,7 +1379,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index 29404cff63..88afdc2266 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -640,10 +640,7 @@ err: +@@ -643,10 +643,7 @@ err: return err; } @@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_chain *chain; u32 i = 0; -@@ -661,9 +658,7 @@ static void _nf_tables_table_disable(str +@@ -664,9 +661,7 @@ static void _nf_tables_table_disable(str } } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_chain *chain; int err, i = 0; -@@ -683,15 +678,13 @@ static int nf_tables_table_enable(struct +@@ -686,15 +681,13 @@ static int nf_tables_table_enable(struct return 0; err: if (i) @@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso } static int nf_tables_updtable(struct nft_ctx *ctx) -@@ -720,7 +713,7 @@ static int nf_tables_updtable(struct nft +@@ -723,7 +716,7 @@ static int nf_tables_updtable(struct nft nft_trans_table_enable(trans) = false; } else if (!(flags & NFT_TABLE_F_DORMANT) && ctx->table->flags & NFT_TABLE_F_DORMANT) { @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5786,7 +5779,6 @@ static int nf_tables_commit(struct net * +@@ -5791,7 +5784,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5950,7 +5942,6 @@ static int nf_tables_abort(struct net *n +@@ -5955,7 +5947,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch index 086178ae20..4875dbb0d3 100644 --- a/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch +++ b/target/linux/generic/backport-4.14/332-v4.16-netfilter-nf_tables-remove-struct-nft_af_info-parame.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -452,7 +452,7 @@ static inline u64 nf_tables_alloc_handle +@@ -455,7 +455,7 @@ static inline u64 nf_tables_alloc_handle static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; static const struct nf_chain_type * @@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso { int i; -@@ -465,22 +465,20 @@ __nf_tables_chain_type_lookup(int family +@@ -468,22 +468,20 @@ __nf_tables_chain_type_lookup(int family } static const struct nf_chain_type * @@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso if (type != NULL) return ERR_PTR(-EAGAIN); } -@@ -1356,8 +1354,8 @@ static int nft_chain_parse_hook(struct n +@@ -1359,8 +1357,8 @@ static int nft_chain_parse_hook(struct n type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; if (nla[NFTA_CHAIN_TYPE]) { diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index bc6810bdd2..719c2d9940 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5324,8 +5324,10 @@ static int nf_tables_dump_flowtable_done +@@ -5329,8 +5329,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index e08b9b26d5..15892e6933 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->table = table; ctx->chain = chain; ctx->nla = nla; -@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c +@@ -417,30 +416,31 @@ static int nft_delflowtable(struct nft_c * Tables */ @@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso if (table != NULL) return table; -@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const +@@ -539,7 +539,7 @@ static void nf_tables_table_notify(const goto err; err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct +@@ -556,7 +556,6 @@ static int nf_tables_dump_tables(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct net *net = sock_net(skb->sk); -@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct +@@ -565,30 +564,27 @@ static int nf_tables_dump_tables(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso } done: rcu_read_unlock(); -@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net +@@ -620,7 +616,8 @@ static int nf_tables_gettable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net +@@ -751,7 +748,7 @@ static int nf_tables_newtable(struct net return PTR_ERR(afi); name = nla[NFTA_TABLE_NAME]; @@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net +@@ -761,7 +758,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso return nf_tables_updtable(&ctx); } -@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net +@@ -788,14 +785,15 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->sets); INIT_LIST_HEAD(&table->objects); INIT_LIST_HEAD(&table->flowtables); @@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; err4: kfree(table->name); -@@ -866,30 +864,28 @@ out: +@@ -869,30 +867,28 @@ out: static int nft_flush(struct nft_ctx *ctx, int family) { @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso } out: return err; -@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net +@@ -910,7 +906,7 @@ static int nf_tables_deltable(struct net int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); -@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net +@@ -918,7 +914,8 @@ static int nf_tables_deltable(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net +@@ -926,7 +923,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso ctx.table = table; return nft_flush_table(&ctx); -@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru +@@ -938,7 +935,7 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const +@@ -1139,7 +1136,7 @@ static void nf_tables_chain_notify(const goto err; err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain); if (err < 0) { kfree_skb(skb); -@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct +@@ -1157,7 +1154,6 @@ static int nf_tables_dump_chains(struct struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct +@@ -1167,31 +1163,30 @@ static int nf_tables_dump_chains(struct rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net +@@ -1225,7 +1220,8 @@ static int nf_tables_getchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1332,8 +1328,8 @@ struct nft_chain_hook { +@@ -1335,8 +1331,8 @@ struct nft_chain_hook { static int nft_chain_parse_hook(struct net *net, const struct nlattr * const nla[], @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nlattr *ha[NFTA_HOOK_MAX + 1]; const struct nf_chain_type *type; -@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n +@@ -1355,10 +1351,10 @@ static int nft_chain_parse_hook(struct n hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); @@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); } -@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n +@@ -1370,7 +1366,7 @@ static int nft_chain_parse_hook(struct n hook->type = type; hook->dev = NULL; @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso char ifname[IFNAMSIZ]; if (!ha[NFTA_HOOK_DEV]) { -@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft +@@ -1405,7 +1401,6 @@ static int nf_tables_addchain(struct nft { const struct nlattr * const *nla = ctx->nla; struct nft_table *table = ctx->table; @@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_base_chain *basechain; struct nft_stats __percpu *stats; struct net *net = ctx->net; -@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft +@@ -1419,7 +1414,7 @@ static int nf_tables_addchain(struct nft struct nft_chain_hook hook; struct nf_hook_ops *ops; @@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) return err; -@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft +@@ -1511,7 +1506,7 @@ static int nf_tables_updchain(struct nft if (!nft_is_base_chain(chain)) return -EBUSY; @@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso create); if (err < 0) return err; -@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net +@@ -1621,7 +1616,8 @@ static int nf_tables_newchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net +@@ -1661,7 +1657,7 @@ static int nf_tables_newchain(struct net } } @@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net +@@ -1695,7 +1691,8 @@ static int nf_tables_delchain(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net +@@ -1707,7 +1704,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st +@@ -1872,7 +1869,7 @@ static int nf_tables_expr_parse(const st if (err < 0) return err; @@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) return PTR_ERR(type); -@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const +@@ -2096,7 +2093,7 @@ static void nf_tables_rule_notify(const goto err; err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, @@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso ctx->chain, rule); if (err < 0) { kfree_skb(skb); -@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s +@@ -2120,7 +2117,6 @@ static int nf_tables_dump_rules(struct s { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); const struct nft_rule_dump_ctx *ctx = cb->data; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s +@@ -2131,39 +2127,37 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso } } } -@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net +@@ -2241,7 +2235,8 @@ static int nf_tables_getrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2323,7 +2318,8 @@ static int nf_tables_newrule(struct net +@@ -2326,7 +2321,8 @@ static int nf_tables_newrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2362,7 +2358,7 @@ static int nf_tables_newrule(struct net +@@ -2365,7 +2361,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso n = 0; size = 0; -@@ -2495,7 +2491,8 @@ static int nf_tables_delrule(struct net +@@ -2498,7 +2494,8 @@ static int nf_tables_delrule(struct net if (IS_ERR(afi)) return PTR_ERR(afi); @@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -2506,7 +2503,7 @@ static int nf_tables_delrule(struct net +@@ -2509,7 +2506,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2704,13 +2701,13 @@ static int nft_ctx_init_from_setattr(str +@@ -2707,13 +2704,13 @@ static int nft_ctx_init_from_setattr(str if (afi == NULL) return -EAFNOSUPPORT; @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2838,7 +2835,7 @@ static int nf_tables_fill_set(struct sk_ +@@ -2841,7 +2838,7 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -2930,10 +2927,8 @@ static int nf_tables_dump_sets(struct sk +@@ -2933,10 +2930,8 @@ static int nf_tables_dump_sets(struct sk { const struct nft_set *set; unsigned int idx, s_idx = cb->args[0]; @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_ctx *ctx = cb->data, ctx_set; if (cb->args[1]) -@@ -2942,51 +2937,44 @@ static int nf_tables_dump_sets(struct sk +@@ -2945,51 +2940,44 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso } cb->args[1] = 1; done: -@@ -3196,11 +3184,12 @@ static int nf_tables_newset(struct net * +@@ -3199,11 +3187,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3469,12 +3458,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3472,12 +3461,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3579,7 +3568,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3582,7 +3571,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3591,21 +3579,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3594,21 +3582,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso } break; } -@@ -3625,7 +3611,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3628,7 +3614,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3727,7 +3713,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3730,7 +3716,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3971,7 +3957,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3974,7 +3960,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4521,7 +4507,8 @@ static int nf_tables_newobj(struct net * +@@ -4526,7 +4512,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4539,7 +4526,7 @@ static int nf_tables_newobj(struct net * +@@ -4544,7 +4531,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4616,7 +4603,6 @@ struct nft_obj_filter { +@@ -4621,7 +4608,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4631,38 +4617,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4636,38 +4622,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -4749,7 +4734,8 @@ static int nf_tables_getobj(struct net * +@@ -4754,7 +4739,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4809,7 +4795,8 @@ static int nf_tables_delobj(struct net * +@@ -4814,7 +4800,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4820,7 +4807,7 @@ static int nf_tables_delobj(struct net * +@@ -4825,7 +4812,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4858,7 +4845,7 @@ static void nf_tables_obj_notify(const s +@@ -4863,7 +4850,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso } /* -@@ -5048,7 +5035,7 @@ void nft_flow_table_iterate(struct net * +@@ -5053,7 +5040,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5096,7 +5083,8 @@ static int nf_tables_newflowtable(struct +@@ -5101,7 +5088,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5113,7 +5101,7 @@ static int nf_tables_newflowtable(struct +@@ -5118,7 +5106,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5194,7 +5182,8 @@ static int nf_tables_delflowtable(struct +@@ -5199,7 +5187,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5205,7 +5194,7 @@ static int nf_tables_delflowtable(struct +@@ -5210,7 +5199,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5274,40 +5263,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5279,40 +5268,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -5392,7 +5378,8 @@ static int nf_tables_getflowtable(struct +@@ -5397,7 +5383,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5435,7 +5422,7 @@ static void nf_tables_flowtable_notify(s +@@ -5440,7 +5427,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -5513,17 +5500,14 @@ static int nf_tables_flowtable_event(str +@@ -5518,17 +5505,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6549,6 +6533,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6554,6 +6538,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6585,10 +6570,10 @@ static void __nft_release_afinfo(struct +@@ -6590,10 +6575,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -1228,7 +1228,7 @@ Signed-off-by: Pablo Neira Ayuso par->nft_compat = true; } -@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx +@@ -283,7 +283,7 @@ nft_target_destroy(const struct nft_ctx par.net = ctx->net; par.target = target; par.targinfo = info; @@ -1237,7 +1237,7 @@ Signed-off-by: Pablo Neira Ayuso if (par.target->destroy != NULL) par.target->destroy(&par); -@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -390,7 +390,7 @@ nft_match_set_mtchk_param(struct xt_mtch { par->net = ctx->net; par->table = ctx->table->name; @@ -1246,7 +1246,7 @@ Signed-off-by: Pablo Neira Ayuso case AF_INET: entry->e4.ip.proto = proto; entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch +@@ -421,7 +421,7 @@ nft_match_set_mtchk_param(struct xt_mtch } else { par->hook_mask = 0; } @@ -1255,7 +1255,7 @@ Signed-off-by: Pablo Neira Ayuso par->nft_compat = true; } -@@ -503,7 +503,7 @@ __nft_match_destroy(const struct nft_ctx +@@ -504,7 +504,7 @@ __nft_match_destroy(const struct nft_ctx par.net = ctx->net; par.match = match; par.matchinfo = info; @@ -1264,7 +1264,7 @@ Signed-off-by: Pablo Neira Ayuso if (par.match->destroy != NULL) par.match->destroy(&par); -@@ -733,7 +733,7 @@ nft_match_select_ops(const struct nft_ct +@@ -734,7 +734,7 @@ nft_match_select_ops(const struct nft_ct mt_name = nla_data(tb[NFTA_MATCH_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); @@ -1273,7 +1273,7 @@ Signed-off-by: Pablo Neira Ayuso /* Re-use the existing match if it's already loaded. */ list_for_each_entry(nft_match, &nft_match_list, head) { -@@ -824,7 +824,7 @@ nft_target_select_ops(const struct nft_c +@@ -825,7 +825,7 @@ nft_target_select_ops(const struct nft_c tg_name = nla_data(tb[NFTA_TARGET_NAME]); rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index 844ba450d7..406b15d820 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6539,6 +6539,12 @@ static int __net_init nf_tables_init_net +@@ -6544,6 +6544,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6616,6 +6622,7 @@ static void __nft_release_afinfo(struct +@@ -6621,6 +6627,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index 2274c1327d..d1325de2d4 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso if (afi->family == family) return afi; } -@@ -5030,15 +5028,12 @@ void nft_flow_table_iterate(struct net * +@@ -5035,15 +5033,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso } } rcu_read_unlock(); -@@ -6530,21 +6525,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6535,21 +6530,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6565,8 +6545,7 @@ int __nft_release_basechain(struct nft_c +@@ -6570,8 +6550,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6576,10 +6555,11 @@ static void __nft_release_afinfo(struct +@@ -6581,10 +6560,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6620,6 +6600,21 @@ static void __nft_release_afinfo(struct +@@ -6625,6 +6605,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index fd19ffad5a..426cab601d 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku +@@ -422,7 +357,7 @@ static struct nft_table *nft_table_looku list_for_each_entry(table, &net->nft.tables, list) { if (!nla_strcmp(nla, table->name) && @@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso nft_active_genmask(table, genmask)) return table; } -@@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct +@@ -563,7 +498,7 @@ static int nf_tables_dump_tables(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (idx < s_idx) -@@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct +@@ -577,7 +512,7 @@ static int nf_tables_dump_tables(struct NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq, NFT_MSG_NEWTABLE, NLM_F_MULTI, @@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net +@@ -597,7 +532,6 @@ static int nf_tables_gettable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct sk_buff *skb2; int family = nfmsg->nfgen_family; -@@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net +@@ -610,11 +544,7 @@ static int nf_tables_gettable(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net +@@ -734,19 +664,14 @@ static int nf_tables_newtable(struct net const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); const struct nlattr *name; @@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) { if (PTR_ERR(table) != -ENOENT) return PTR_ERR(table); -@@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net +@@ -756,7 +681,7 @@ static int nf_tables_newtable(struct net if (nlh->nlmsg_flags & NLM_F_REPLACE) return -EOPNOTSUPP; @@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso return nf_tables_updtable(&ctx); } -@@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net +@@ -766,40 +691,34 @@ static int nf_tables_newtable(struct net return -EINVAL; } @@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso return err; } -@@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx +@@ -870,10 +789,10 @@ static int nft_flush(struct nft_ctx *ctx int err = 0; list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { @@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso if (!nft_is_active_next(ctx->net, table)) continue; -@@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net +@@ -899,7 +818,6 @@ static int nf_tables_deltable(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; int family = nfmsg->nfgen_family; struct nft_ctx ctx; -@@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net +@@ -908,11 +826,7 @@ static int nf_tables_deltable(struct net if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) return nft_flush(&ctx, family); @@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net +@@ -921,7 +835,7 @@ static int nf_tables_deltable(struct net table->use > 0) return -EBUSY; @@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso ctx.table = table; return nft_flush_table(&ctx); -@@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru +@@ -933,7 +847,6 @@ static void nf_tables_table_destroy(stru kfree(ctx->table->name); kfree(ctx->table); @@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso } int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct +@@ -1162,7 +1075,7 @@ static int nf_tables_dump_chains(struct cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(chain, &table->chains, list) { -@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct +@@ -1178,7 +1091,7 @@ static int nf_tables_dump_chains(struct cb->nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, NLM_F_MULTI, @@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso chain) < 0) goto done; -@@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net +@@ -1200,7 +1113,6 @@ static int nf_tables_getchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; struct sk_buff *skb2; -@@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net +@@ -1214,11 +1126,7 @@ static int nf_tables_getchain(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net +@@ -1600,7 +1508,6 @@ static int nf_tables_newchain(struct net const struct nlattr * uninitialized_var(name); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; u8 policy = NF_ACCEPT; -@@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net +@@ -1610,11 +1517,7 @@ static int nf_tables_newchain(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net +@@ -1655,7 +1558,7 @@ static int nf_tables_newchain(struct net } } @@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain != NULL) { if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net +@@ -1676,7 +1579,6 @@ static int nf_tables_delchain(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule; -@@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net +@@ -1685,11 +1587,7 @@ static int nf_tables_delchain(struct net u32 use; int err; @@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net +@@ -1702,7 +1600,7 @@ static int nf_tables_delchain(struct net chain->use > 0) return -EBUSY; @@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso use = chain->use; list_for_each_entry(rule, &chain->rules, list) { -@@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s +@@ -2126,7 +2024,7 @@ static int nf_tables_dump_rules(struct s cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) -@@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s +@@ -2149,7 +2047,7 @@ static int nf_tables_dump_rules(struct s cb->nlh->nlmsg_seq, NFT_MSG_NEWRULE, NLM_F_MULTI | NLM_F_APPEND, @@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso table, chain, rule) < 0) goto done; -@@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net +@@ -2185,7 +2083,6 @@ static int nf_tables_getrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); @@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; const struct nft_chain *chain; const struct nft_rule *rule; -@@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net +@@ -2229,11 +2126,7 @@ static int nf_tables_getrule(struct net return netlink_dump_start(nlsk, skb, nlh, &c); } @@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2296,7 +2189,7 @@ static int nf_tables_newrule(struct net +@@ -2299,7 +2192,7 @@ static int nf_tables_newrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_chain *chain; struct nft_rule *rule, *old_rule = NULL; -@@ -2312,11 +2205,7 @@ static int nf_tables_newrule(struct net +@@ -2315,11 +2208,7 @@ static int nf_tables_newrule(struct net create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2356,7 +2245,7 @@ static int nf_tables_newrule(struct net +@@ -2359,7 +2248,7 @@ static int nf_tables_newrule(struct net return PTR_ERR(old_rule); } @@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso n = 0; size = 0; -@@ -2478,18 +2367,13 @@ static int nf_tables_delrule(struct net +@@ -2481,18 +2370,13 @@ static int nf_tables_delrule(struct net { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -2501,7 +2385,7 @@ static int nf_tables_delrule(struct net +@@ -2504,7 +2388,7 @@ static int nf_tables_delrule(struct net return PTR_ERR(chain); } @@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso if (chain) { if (nla[NFTA_RULE_HANDLE]) { -@@ -2686,26 +2570,17 @@ static int nft_ctx_init_from_setattr(str +@@ -2689,26 +2573,17 @@ static int nft_ctx_init_from_setattr(str u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -2937,7 +2812,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2940,7 +2815,7 @@ static int nf_tables_dump_sets(struct sk list_for_each_entry_rcu(table, &net->nft.tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (ctx->table && ctx->table != table) -@@ -2958,7 +2833,7 @@ static int nf_tables_dump_sets(struct sk +@@ -2961,7 +2836,7 @@ static int nf_tables_dump_sets(struct sk ctx_set = *ctx; ctx_set.table = table; @@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso if (nf_tables_fill_set(skb, &ctx_set, set, NFT_MSG_NEWSET, -@@ -3070,8 +2945,8 @@ static int nf_tables_newset(struct net * +@@ -3073,8 +2948,8 @@ static int nf_tables_newset(struct net * { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3178,16 +3053,12 @@ static int nf_tables_newset(struct net * +@@ -3181,16 +3056,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3449,19 +3320,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3452,19 +3323,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3579,7 +3446,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3582,7 +3449,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (table != dump_ctx->ctx.table) -@@ -3609,7 +3476,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3612,7 +3479,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4489,7 +4356,6 @@ static int nf_tables_newobj(struct net * +@@ -4494,7 +4361,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4501,11 +4367,7 @@ static int nf_tables_newobj(struct net * +@@ -4506,11 +4372,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4524,7 +4386,7 @@ static int nf_tables_newobj(struct net * +@@ -4529,7 +4391,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4616,7 +4478,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4621,7 +4483,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4639,7 +4501,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4644,7 +4506,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso obj, reset) < 0) goto done; -@@ -4697,7 +4559,6 @@ static int nf_tables_getobj(struct net * +@@ -4702,7 +4564,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4728,11 +4589,7 @@ static int nf_tables_getobj(struct net * +@@ -4733,11 +4594,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4779,7 +4636,6 @@ static int nf_tables_delobj(struct net * +@@ -4784,7 +4641,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4789,11 +4645,7 @@ static int nf_tables_delobj(struct net * +@@ -4794,11 +4650,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4805,7 +4657,7 @@ static int nf_tables_delobj(struct net * +@@ -4810,7 +4662,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4990,33 +4842,31 @@ err1: +@@ -4995,33 +4847,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso return ERR_PTR(-EAGAIN); } #endif -@@ -5064,7 +4914,6 @@ static int nf_tables_newflowtable(struct +@@ -5069,7 +4919,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5074,12 +4923,8 @@ static int nf_tables_newflowtable(struct +@@ -5079,12 +4928,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5096,7 +4941,7 @@ static int nf_tables_newflowtable(struct +@@ -5101,7 +4946,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5109,7 +4954,7 @@ static int nf_tables_newflowtable(struct +@@ -5114,7 +4959,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5169,16 +5014,11 @@ static int nf_tables_delflowtable(struct +@@ -5174,16 +5019,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5189,7 +5029,7 @@ static int nf_tables_delflowtable(struct +@@ -5194,7 +5034,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5264,7 +5104,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5269,7 +5109,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5283,7 +5123,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5343,7 +5183,6 @@ static int nf_tables_getflowtable(struct +@@ -5348,7 +5188,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5369,12 +5208,8 @@ static int nf_tables_getflowtable(struct +@@ -5374,12 +5213,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -6545,7 +6380,7 @@ int __nft_release_basechain(struct nft_c +@@ -6550,7 +6385,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6558,7 +6393,7 @@ static void __nft_release_afinfo(struct +@@ -6563,7 +6398,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6610,7 +6445,7 @@ static int __net_init nf_tables_init_net +@@ -6615,7 +6450,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 663f088d65..037759bdb7 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4880,13 +4880,13 @@ void nft_flow_table_iterate(struct net * +@@ -4885,13 +4885,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index 3aed3f9ff1..232f4b67a0 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5265,17 +5265,12 @@ err: +@@ -5270,17 +5270,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index 84729ad1f5..29c87823b3 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, -@@ -361,6 +362,20 @@ static struct nft_table *nft_table_looku +@@ -364,6 +365,20 @@ static struct nft_table *nft_table_looku return NULL; } @@ -172,7 +172,7 @@ Signed-off-by: Pablo Neira Ayuso static struct nft_table *nf_tables_table_lookup(const struct net *net, const struct nlattr *nla, u8 family, u8 genmask) -@@ -377,6 +392,22 @@ static struct nft_table *nf_tables_table +@@ -380,6 +395,22 @@ static struct nft_table *nf_tables_table return ERR_PTR(-ENOENT); } @@ -195,7 +195,7 @@ Signed-off-by: Pablo Neira Ayuso static inline u64 nf_tables_alloc_handle(struct nft_table *table) { return ++table->hgenerator; -@@ -423,6 +454,7 @@ static const struct nla_policy nft_table +@@ -426,6 +457,7 @@ static const struct nla_policy nft_table [NFTA_TABLE_NAME] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, [NFTA_TABLE_FLAGS] = { .type = NLA_U32 }, @@ -203,7 +203,7 @@ Signed-off-by: Pablo Neira Ayuso }; static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, -@@ -444,7 +476,9 @@ static int nf_tables_fill_table_info(str +@@ -447,7 +479,9 @@ static int nf_tables_fill_table_info(str if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) || nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) || @@ -214,7 +214,7 @@ Signed-off-by: Pablo Neira Ayuso goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -703,6 +737,7 @@ static int nf_tables_newtable(struct net +@@ -706,6 +740,7 @@ static int nf_tables_newtable(struct net INIT_LIST_HEAD(&table->flowtables); table->family = family; table->flags = flags; @@ -222,7 +222,7 @@ Signed-off-by: Pablo Neira Ayuso nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); -@@ -820,11 +855,18 @@ static int nf_tables_deltable(struct net +@@ -823,11 +858,18 @@ static int nf_tables_deltable(struct net struct nft_ctx ctx; nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); @@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net +@@ -1584,6 +1626,7 @@ static int nf_tables_delchain(struct net struct nft_rule *rule; int family = nfmsg->nfgen_family; struct nft_ctx ctx; @@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso u32 use; int err; -@@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net +@@ -1592,7 +1635,12 @@ static int nf_tables_delchain(struct net if (IS_ERR(table)) return PTR_ERR(table); @@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(chain)) return PTR_ERR(chain); -@@ -2557,6 +2605,7 @@ static const struct nla_policy nft_set_p +@@ -2560,6 +2608,7 @@ static const struct nla_policy nft_set_p [NFTA_SET_USERDATA] = { .type = NLA_BINARY, .len = NFT_USERDATA_MAXLEN }, [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, @@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso }; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { -@@ -2600,6 +2649,22 @@ static struct nft_set *nf_tables_set_loo +@@ -2603,6 +2652,22 @@ static struct nft_set *nf_tables_set_loo return ERR_PTR(-ENOENT); } @@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, const struct nlattr *nla, u8 genmask) -@@ -2716,6 +2781,9 @@ static int nf_tables_fill_set(struct sk_ +@@ -2719,6 +2784,9 @@ static int nf_tables_fill_set(struct sk_ goto nla_put_failure; if (nla_put_string(skb, NFTA_SET_NAME, set->name)) goto nla_put_failure; @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3124,6 +3192,7 @@ static int nf_tables_newset(struct net * +@@ -3127,6 +3195,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso err = ops->init(set, &desc, nla); if (err < 0) -@@ -3183,7 +3252,10 @@ static int nf_tables_delset(struct net * +@@ -3186,7 +3255,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(set)) return PTR_ERR(set); -@@ -4244,6 +4316,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4249,6 +4321,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4251,6 +4338,7 @@ static const struct nla_policy nft_obj_p +@@ -4256,6 +4343,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4398,6 +4486,8 @@ static int nf_tables_newobj(struct net * +@@ -4403,6 +4491,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4444,7 +4534,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4449,7 +4539,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4642,7 +4734,7 @@ static int nf_tables_delobj(struct net * +@@ -4647,7 +4739,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4651,7 +4743,12 @@ static int nf_tables_delobj(struct net * +@@ -4656,7 +4748,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4723,6 +4820,7 @@ static const struct nla_policy nft_flowt +@@ -4728,6 +4825,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4740,6 +4838,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4745,6 +4843,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4948,6 +5060,8 @@ static int nf_tables_newflowtable(struct +@@ -4953,6 +5065,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5022,8 +5136,14 @@ static int nf_tables_delflowtable(struct +@@ -5027,8 +5141,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5056,7 +5176,9 @@ static int nf_tables_fill_flowtable_info +@@ -5061,7 +5181,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 3cc644a530..601df0cf95 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5075,40 +5075,38 @@ static int nf_tables_newflowtable(struct +@@ -5080,40 +5080,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau err3: module_put(type->owner); err2: -@@ -5389,10 +5387,8 @@ err: +@@ -5394,10 +5392,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index d78f8003aa..f173b1c4f1 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4941,7 +4941,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4946,7 +4946,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 8268041c21..784368520d 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4985,23 +4985,6 @@ static const struct nf_flowtable_type *n +@@ -4990,23 +4990,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/pending-4.14/332-arc-add-OWRTDTB-section.patch b/target/linux/generic/pending-4.14/332-arc-add-OWRTDTB-section.patch index 58f14b6ca5..414dbbc0c1 100644 --- a/target/linux/generic/pending-4.14/332-arc-add-OWRTDTB-section.patch +++ b/target/linux/generic/pending-4.14/332-arc-add-OWRTDTB-section.patch @@ -19,8 +19,8 @@ Signed-off-by: Alexey Brodkin --- a/arch/arc/kernel/head.S +++ b/arch/arc/kernel/head.S -@@ -49,6 +49,16 @@ - 1: +@@ -59,6 +59,16 @@ + #endif .endm +; Here "patch-dtb" will embed external .dtb @@ -38,24 +38,24 @@ Signed-off-by: Alexey Brodkin ;---------------------------------------------------------------- --- a/arch/arc/kernel/setup.c +++ b/arch/arc/kernel/setup.c -@@ -421,6 +421,8 @@ static inline int is_kernel(unsigned lon - return 0; - } - -+extern struct boot_param_header __image_dtb; -+ - void __init setup_arch(char **cmdline_p) - { - #ifdef CONFIG_ARC_UBOOT_SUPPORT -@@ -434,7 +436,7 @@ void __init setup_arch(char **cmdline_p) +@@ -469,7 +469,7 @@ ignore_uboot_args: #endif - { - /* No, so try the embedded one */ + + if (use_embedded_dtb) { - machine_desc = setup_machine_fdt(__dtb_start); + machine_desc = setup_machine_fdt(&__image_dtb); if (!machine_desc) panic("Embedded DT invalid\n"); + } +@@ -485,6 +485,8 @@ ignore_uboot_args: + } + } ++extern struct boot_param_header __image_dtb; ++ + void __init setup_arch(char **cmdline_p) + { + handle_uboot_args(); --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -30,6 +30,19 @@ SECTIONS diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 8d13eeff87..62ba525601 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4928,6 +4928,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4933,6 +4933,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5058,10 +5066,19 @@ static int nf_tables_newflowtable(struct +@@ -5063,10 +5071,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5159,7 +5176,8 @@ static int nf_tables_fill_flowtable_info +@@ -5164,7 +5181,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), -- cgit v1.2.3